While the WebContext is related to the HTTP request and response, the SessionStore is an abstraction to deal with the web session.

It has the following methods:

• getSessionId: gets or creates the session identifier and initializes the session with it if necessary
• get: gets the attribute from the session
• set: sets the attribute in the session
• destroySession: destroys the underlying web session
• getTrackableSession: get the native session as a trackable object (for back-channel logout)
• buildFromTrackableSession: builds a new session store from a trackable session (for back-channel logout)
• renewSession: renews the native session by copying all data to a new one.

Its implementations are different depending on the pac4j implementations.

For example, the JEEContext currently uses the JEESessionStore which relies on the JEE session. In Play, we have a specific cache-based PlayCacheSessionStore as well as in Knox, which has a cookie-based KnoxSessionStore.

They are provided via the appropriate SessionStoreFactory.